Many electronic communication systems require access of users to particular applications to be controlled, such control generally entailing authenticating persons and/or messages. This is the case in particular when it is a question of controlling access to a computer or more generally a data processing network whose use is reserved to duly authorized persons. Such networks can be used, for example, to provide all kinds of services involving a transaction, usually with an economic consideration, such as telepurchasing, pay-per-view television, home banking, interactive video games, etc.
Access control systems of this kind are described in particular in documents U.S. Pat. Nos. 3,806,874, 4,601,011, 4,720,860, 4,800,590 and 5,060,263. The systems described in the above documents use a portable secure electronic device which generates a password by encrypting a variable. A verification unit performs the same calculation or a similar calculation on the same or approximately the same variable and authorizes access to the requested application if the passwords generated in the portable device and the verification unit match. The variable can be a random or pseudo-random number, referred to hereinafter as a die, transmitted from the verification unit to the portable device, or it can be generated independently in the portable device and in the verification unit by means of a clock and/or an event counter, for example.
If the encryption process used in the portable device and the verification unit uses a symmetrical algorithm and a secret key, for example the DES (Data Encryption Standard) algorithm, the security of the system relies on the preservation of the secret character of the key stored both in the portable device and in the verification unit.
In some cases, the key can be static, i.e. it retains the same value throughout the service life of the portable device.
In other cases, the key can be dynamic, i.e. it changes in time as a function of the content of a counter incremented by a clock signal and/or an event counter, for example.
Whether the key is static or dynamic, it must initially, i.e. when the device is personalized, have a particular value which is stored both in the portable electronic device and in a database associated with the verification unit. When a user requests access, he or she must one way or another, for example using a public identification number or a personal identification number (PIN), identify himself or herself to the verification unit which obtains from the database the static key or, in the case of a dynamic key, the information that may be needed to calculate the current key.
Security problems of a similar kind arise in secure electronic communication systems using portable electronic devices and verification units employing encryption and decryption by means of asymmetric algorithms with public and private keys. The mechanisms used by an algorithm of the above kind (authentication, signature, etc) are such that the secret character of one or more of the keys stored in the devices and/or the verification units must be conserved.
During the personalizing process the key(s) and other secret personalizing data are loaded into memory in the device by the entity which supplies the device to the end user. Protecting the personalizing data by enabling the supplier of a smart card to substitute a new master key controlling access to the personalizing data for the initial key installed by the card manufacturer is well known in the art, in particular from document WO 93/10509.
What is more, the rapid expansion of secure electronic communication systems is leading to the design of products for implementing a number of different applications and having a number of different security levels for the same application. The problem then arises of guaranteeing the independence of the applications and the associated security levels, i.e. the various functions implemented by the device.
One object of the invention is to provide a secure portable electronic device for communication with another electronic unit which is capable of assuring this independence of the functions.